International Rectifier

“I think ForeScout CounterACT is the best! Our initial goal was to prevent unauthorized computers from connecting to the network. Shortly after implementing ForeScout CounterACT, we discovered it provides full visibility and compliance status of all devices on the network. That is something I didn’t have before.”

– James Tu, Director of Information Security, International Rectifier

Challenge:

Headquartered in El Segundo, California, International Rectifier is a world leader in advanced power management technology. The company has 35 offices in 20 countries and employs 4,500 people worldwide. The corporate network spans 8500 endpoints.

Eliminate the possibility that visitors, contractors and guests could connect to the network; identify guest devices and isolate them to guest networks.

Find a network access control product that is easy to install and administer.

Solution:

International Rectifier extensively evaluated and benchmarked the leading vendors and selected ForeScout CounterACT because it required fewer network changes; and was less disruptive and easier to deploy. Other considerations were that ForeScout was easy to administer, had an easy-to-use interface and proved to be an excellent security compliance tool.

“ForeScout CounterACT was extremely easy to deploy and got up and running very quickly. Once deployed, it requires minimal management. We are also very impressed with ForeScout CounterACT’s user interface and ease of use. To me, allowing an endpoint to connect and then verifying status and enforcing policy, which is how we have setup ForeScout CounterACT, is a much better model than assuming the endpoint is insecure and denying access until status is verified, which is how the other NAC products work. It’s far less complicated and disruptive to the users. We are now using ForeScout CounterACT to segment unauthorized or unknown devices to a separate, Internet-only VLAN until we have more information about the device. We then grant known devices access to the network based on meeting compliance policies created by the Security Team.”

Results:

Greater Security and Reduced Risk

ForeScout CounterACT provides International Rectifier with greater security and reduced risk by preventing unauthorized devices from accessing the corporate network. “Our policy is that only company-owned machines are allowed on the internal corporate network. We have a separate guest wireless network for visitors coming onsite that need Internet access. Sometimes a guest, or even an employee, would plug their personal device into a wired port, which put them on the internal network. Before ForeScout CounterACT, we didn’t have a way to monitor the network and enforce the policy. Now we have the ability to identify unauthorized computers and dynamically direct them to a separate, Internet-only VLAN.”

Improved Endpoint Compliance

ForeScout CounterACT indicates which computers are running out-of-date applications. “We have used vulnerability assessment tools from Rapid 7 and McAfee, but they are harder to use, and they don’t give the full story. They also don’t provide real-time information. I need something to tell me what patches a machine is missing and when antivirus was last updated. With ForeScout CounterACT, it’s extremely easy to get this information, plus a lot more detail that I can’t get with any other tool. With ForeScout CounterACT, we discovered that some machines were not running antivirus properly. That’s a tremendous value to us and it only took a couple of minutes.”

Complete Endpoint Visibility

ForeScout CounterACT provides full visibility to the devices connecting to the network. “What surprised us the most was the amount of network visibility that ForeScout CounterACT gave us. From a single location we can see all our network switches and IP ranges globally, and can tell which switch and which port connect to a particular host. This is tremendous because it’s visibility that we didn’t have before. We also discovered that some employees had installed personal firewalls. When that happens, our desktop management systems lose visibility of that device. That’s not the case with ForeScout CounterACT. The network team loves ForeScout CounterACT because now we can find and control those devices.”

Fast Time-to-Value

“We deployed ForeScout CounterACT in under three weeks. The system is so well designed that I was able to configure it myself and write my own rules to check for compliance on antivirus and OS patching. ForeScout CounterACT immediately delivered value beyond the guest network access control by providing information about the security vulnerabilities of known devices.”